AUTHOR       TITLE                             YEAR
Litchfield   The Database Hacker’s Handbook    2005
Anley        The Shellcoder’s Handbook         2007
You saw earlier how an attacker could supply crafted input to the search function to subvert the WHERE clause of the query and so return all of the books held within the database. A far more interesting attack would be to use the UNION operator to inject a second SELECT query and append its results to those of the first. This second query can extract data from a different database table altogether. For example, entering the search term

    Wiley' UNION SELECT username,password,uid FROM users--

will cause the application to perform the following query:

    SELECT author,title,year FROM books WHERE publisher = 'Wiley'
    UNION
    SELECT username,password,uid FROM users--'

This returns the results of the original search followed by the contents of the users table:
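The query construction described above, beside its parameterized form, as an added example that is not code from the book. The SQLite in-memory database, the function names and the sample rows (including the `constructed-secret` password) are assumptions made for illustration.

```python
import sqlite3

# Search term quoted on the page.
PAGE_TERM = "Wiley' UNION SELECT username,password,uid FROM users--"

def make_db():
    """Constructed in-memory database with the page's books and users tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (author TEXT, title TEXT, year INTEGER, publisher TEXT)")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, uid INTEGER)")
    db.executemany("INSERT INTO books VALUES (?, ?, ?, ?)", [
        ("Litchfield", "The Database Hacker's Handbook", 2005, "Wiley"),
        ("Anley", "The Shellcoder's Handbook", 2007, "Wiley"),
    ])
    # Constructed sample credential row.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("admin", "constructed-secret", 1))
    return db

def search_vulnerable(db, publisher):
    # The input is concatenated into the SQL text, so a quote inside it closes
    # the string literal and the rest of the input is parsed as SQL.
    sql = "SELECT author,title,year FROM books WHERE publisher = '" + publisher + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, publisher):
    # The input is passed as a bound parameter and is only ever compared
    # as a value against the publisher column.
    sql = "SELECT author,title,year FROM books WHERE publisher = ?"
    return db.execute(sql, (publisher,)).fetchall()

def compare(term):
    """Run both search functions on the same term and return both result sets."""
    db = make_db()
    return search_vulnerable(db, term), search_parameterized(db, term)

if __name__ == "__main__":
    for term in ("Wiley", PAGE_TERM):
        vulnerable, parameterized = compare(term)
        print("term:", term)
        print("  concatenated: ", vulnerable)
        print("  parameterized:", parameterized)
```

With the parameterized query, the page's search term matches no publisher and returns no rows, because the quote and the UNION keyword never reach the SQL parser as syntax.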